def all():
    """Render the "Browse all" page with every stored item of the session user.

    The rows come from ``store`` joined to ``categories`` (to resolve the
    category name) and are ordered by ``catid`` before being passed to
    ``all.html``. If the query, extraction, sort or render raises, the
    exception is printed and the index page is rendered instead.
    """
    cursor = mysql.connection.cursor()
    # NOTE(review): session['user_id'] is read without a guard in this block, so
    # an unauthenticated request raises KeyError here unless a login check runs
    # before the view -- confirm against the route's decorators.
    user = get_user(cursor, session['user_id'])
    current_user_id = session['user_id']

    # The user id travels as a bound parameter, never formatted into the SQL
    # text, and the WHERE clause limits the result to this user's own rows.
    query = (
        "SELECT item, itemid, location, comments, userid, store.catid, category "
        "FROM store INNER JOIN categories on categories.catid=store.catid "
        "WHERE userid=%(userid)s"
    )

    try:
        cursor.execute(query, {'userid': current_user_id})
        rows = db_extract(cursor)

        # Order the list of row dictionaries by their category id.
        by_category_id = operator.itemgetter('catid')
        rows.sort(key=by_category_id)

        return render_template(
            'all.html',
            userData=rows,
            category=False,
            page="Browse all",
            user=user,
            side='sidebar',
        )
    except Exception as err:
        # Broad catch on purpose: any failure falls back to the index page.
        print(err)
        return render_template(
            'index.html', category=False, page="Add your stuff"
        )
def login():
    """Authenticate a user from the login form and start a session.

    Any existing session is cleared first. A non-POST request renders the
    login page. For POST, the submitted username is looked up with a
    parameterized query and the submitted password is verified against the
    stored hash with ``check_password_hash``; on success the user's id is
    stored in the session and the index page is rendered.

    Every failure path returns ``login_fail()``, so the response does not
    tell the client whether the username or the password was wrong. The
    ``print(<n>)`` calls mark which check failed on the server's stdout only.
    """
    cursor = mysql.connection.cursor()

    # Drop whatever identity the client had before evaluating new credentials.
    session.clear()

    if request.method != "POST":
        return render_template('login.html')

    username = request.form.get("username")

    # Both credentials must be present and non-empty.
    if not username:
        print(0)
        return login_fail()
    if not request.form.get("password"):
        print(1)
        return login_fail()

    # Look the account up by name; the value is bound, not interpolated.
    cursor.execute(
        "SELECT * FROM users WHERE username = %(username)s",
        {"username": username},
    )

    try:
        matches = db_extract(cursor)
    except Exception as err:
        print(err)
        print(2)
        return login_fail()

    try:
        # matches[0] raises when no row came back, which lands in the handler
        # below and is reported as an ordinary login failure.
        account = matches[0]
        name_matches = username == account['username']
        if not name_matches or not check_password_hash(
                account['hash'], request.form.get('password')):
            print(3)
            return login_fail()
    except Exception as err:
        print(err)
        print(4)
        return login_fail()

    try:
        session["user_id"] = matches[0]['id']
    except Exception:
        print(5)
        print('if statement')
        return login_fail()

    # Credentials verified: show the home page for this user.
    return render_template(
        'index.html',
        user=matches[0]['username'],
        category=False,
        page="Find your stuff",
    )
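def add():
    """Store a new item for the session user, or render the add form.

    A non-POST request renders ``add.html``. For POST, the form fields
    ``category``, ``item``, ``location`` and ``comments`` are read; the first
    three are required. The item is inserted into ``store`` under the session
    user's id and the category page for that category is rendered with the
    user's items in it.

    Validation is done server-side because the form values come from the
    client: a missing field (``None``) is rejected the same way as an empty
    one, and a category that ``get_cat_id`` cannot resolve is rejected
    instead of being inserted with an empty category id.
    """
    db = mysql.connection.cursor()
    user = get_user(db, session['user_id'])

    if request.method != 'POST':
        return render_template('add.html', user=user, side='sidebar',
                               category=False, page="Add your stuff")

    category = request.form.get('category')
    item = request.form.get('item')
    location = request.form.get('location')
    comments = request.form.get('comments')

    # Backend validation messages, one per required field.
    error0 = "Please enter a category."
    error1 = "Please enter an item."
    error2 = "Please enter a location."

    if category is None:
        return render_template('add.html', error0=error0)
    # `not x` covers both an empty string and a field absent from the form.
    if not item:
        return render_template('add.html', error1=error1)
    if not location:
        return render_template('add.html', error2=error2)

    cat_id = get_cat_id(category, db)
    # NOTE(review): assumes get_cat_id returns a falsy value for an unknown
    # category, as the `if not get_cat_id(...)` check in category() suggests.
    if not cat_id:
        return render_template('add.html', error0=error0)

    # All values are bound parameters; the owner is taken from the session,
    # never from the submitted form.
    db.execute(
        "INSERT INTO store (item, location, comments, catid, userid) "
        "VALUES (%(item)s, %(location)s, %(comments)s, %(catid)s, %(userid)s)",
        {'item': item, 'location': location, 'comments': comments,
         'catid': cat_id, 'userid': session['user_id']})
    mysql.connection.commit()

    # Reload this user's items in the category that was just added to.
    db.execute(
        "SELECT * FROM store WHERE userid=%(userid)s AND catid=%(catid)s",
        {'userid': session['user_id'], 'catid': cat_id})
    user_cat_data = db_extract(db)

    return render_template('category.html', user=user,
                           userData=user_cat_data, category=category,
                           listlength=len(user_cat_data), side='sidebar')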
def category(value):
    """Render the session user's items that belong to the category *value*.

    Returns ``internal_error(404)`` when ``get_cat_id`` yields a falsy result
    for *value*. Otherwise the category id is read from ``categories`` and the
    user's matching ``store`` rows are passed to ``category.html``. Any
    exception raised while querying or rendering is printed and the index
    page is rendered instead.
    """
    # Declared but not assigned anywhere in this function.
    global sidebar

    cursor = mysql.connection.cursor()
    user = get_user(cursor, session['user_id'])
    owner_id = session['user_id']

    # Reject category names that do not resolve before running any query.
    if not get_cat_id(value, cursor):
        return internal_error(404)

    try:
        # Resolve the category name to its numeric id.
        cursor.execute(
            "SELECT catid FROM categories WHERE category=%(category)s",
            {'category': value},
        )
        category_id = cursor.fetchone()['catid']

        # Filter on both owner and category, so only the session user's own
        # rows are returned; both values are bound parameters.
        cursor.execute(
            "SELECT * FROM store WHERE userid=%(userid)s AND catid=%(catid)s",
            {"userid": owner_id, "catid": category_id},
        )
        items = db_extract(cursor)

        return render_template(
            'category.html',
            user=user,
            userData=items,
            category=value,
            listlength=len(items),
            side='sidebar',
        )
    except Exception as err:
        # On any error send the user back to the index page.
        print(err)
        return render_template(
            'index.html', category=False, page="Add your stuff"
        )
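def register():
    """Create a new account from the registration form and sign the user in.

    Any existing session is cleared first. A non-POST request renders
    ``register.html``. For POST, the username and password must each be at
    least 3 characters and the confirmation must equal the password; the
    username must not already exist. The password is stored only as a
    ``generate_password_hash`` digest. On success the new row's id is put in
    the session and the index page is rendered.

    Changes from the earlier version: a form field that is missing entirely
    is treated as empty instead of raising ``TypeError`` on ``len(None)``,
    and the duplicate-name check asks the database for the one matching row
    instead of loading every user record (password hashes included) into the
    application.
    """
    db = mysql.connection.cursor()

    # Forget any user_id
    session.clear()

    if request.method != "POST":
        return render_template('register.html')

    # Backend validation messages.
    error0 = "Sorry, there was an error registering."
    error1 = "Username must be 3 characters or more."
    error2 = "Password must be 3 characters or more."
    error3 = "Confirmation password doesn't match"

    # A field absent from the form comes back as None; treat it as empty so
    # the length checks below reject it rather than crash.
    username = request.form.get('username') or ""
    password = request.form.get('password') or ""
    confirmation = request.form.get('confirmation')

    # NOTE(review): the template keys below (error2 for the username message,
    # error1 for the password message) are kept exactly as they were --
    # confirm them against register.html.
    # NOTE(review): a 3-character minimum is a very weak password policy.
    if len(username) < 3:
        return render_template('register.html', error0=error0, error2=error1)
    if len(password) < 3:
        return render_template('register.html', error0=error0, error1=error2)
    if password != confirmation:
        return render_template('register.html', error0=error0, error3=error3)

    # Duplicate check done by the database with a bound parameter. It uses the
    # same equality as the lookup after the insert (and as login), so that
    # lookup can only match the row created here.
    # NOTE(review): check-then-insert is not atomic; a UNIQUE index on
    # users.username would be needed to rule out concurrent duplicates --
    # the schema is not visible here.
    db.execute(
        "SELECT id FROM users WHERE username = %(username)s LIMIT 1",
        {"username": username})
    if db.fetchone() is not None:
        userNameError = "Sorry, username is already taken"
        return render_template('register.html', error1=userNameError)

    # Only the salted hash is stored, never the password itself.
    # NOTE(review): salt_length=8 is short; consider a longer salt.
    password_hash = generate_password_hash(
        password, method='pbkdf2:sha256', salt_length=8)

    # Add username and password hash to the database.
    db.execute("INSERT INTO users (username, hash) VALUES (%s, %s)",
               (username, password_hash))
    mysql.connection.commit()

    # Read back the stored row to obtain the id MySQL generated for it.
    db.execute(
        "SELECT id, username FROM users WHERE username = %(username)s",
        {"username": username})
    row = db.fetchone()

    # Bind the new session to the newly created account.
    session['user_id'] = row['id']
    user = row['username']

    # Render the index page with the username for the template.
    return render_template('index.html', user=user, category=False,
                           page="Find your stuff")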